Image processing device capable of reading a user-identifying image

ABSTRACT

An image processing device is provided. The image processing device includes a scanner to scan an image formed on a sheet, a first image obtainer to read and obtain a first image being a processible image formed in a first area, the first area being allocated on the sheet, a second image obtainer to read and obtain a second image formed in a second area, the second area being allocated on the sheet separately from the first area, a judging unit to judge as to whether the second image obtained by the second image obtainer is qualifies a predetermined authentication criteria and is identical to a predetermined identifying image, and a function controller to activate a predetermined function of the image processing device, which processes the processible image obtained by the first image obtainer, when the judging unit judges that the second image is identical to the predetermined identifying image.

CROSS REFERENCE TO RELATED APPLICATION

This application is a continuation application of U.S. application Ser.No. 12/694,716 filed on Jan. 27, 2010, which claims benefit of JapanesePatent Application No. 2009-018215, filed on Jan. 29, 2009, the contentsof both of which are hereby incorporated by reference into the presentapplication.

BACKGROUND

1. Technical Field

An aspect of the present invention relates to an image processing devicecapable of permitting and restricting usage of functions provided to theimage processing device on basis of a user and a computer readablestorage medium therefor.

2. Related Art

Conventionally, an image processing device having a plurality offunctions has been known. The plurality of functions may be, forexample, a printing function, a scanning function, a copier function, afacsimile receiving/transmission function, and a data transferringfunction. The image processing device may have an authenticationfunction to authenticate users so that usage of the functions of theimage processing device is allowed only to approved users.

Such an image processing device with the authentication function isgenerally configured to receive identifying information to identify theuser, such as a user name and a password, and permit usage of specificfunctions when the identifying information is confirmed.

SUMMARY

When the image processing device requiring authentication, however, theuser is required to manually input the identifying information throughan input device (e.g., operation panel with keys). The inputtingoperation may be redundant and troublesome specifically when the inputdevice is provided with a small number of keys. Manipulating the smallnumber of keys to enter the identifying information may be troublesomeand may occasionally provoke input errors.

In view of the above drawback, the present invention is advantageous inthat an image processing device, capable of authenticating specificusers without requiring the users to manually input the identifyinginformation, is provided. Further, a computer readable storage mediumfor the image processing device is provided.

According to an aspect of the present invention, an image processingdevice is provided. The image processing device includes a scanner toscan an image formed on a sheet, a first image obtainer to read andobtain a first image being a processible image formed in a first area,the first area being allocated on the sheet, a second image obtainer toread and obtain a second image formed in a second area, the second areabeing allocated on the sheet separately from the first area, a judgingunit to judge as to whether the second image obtained by the secondimage obtainer qualifies a predetermined authentication criterion and isidentical to a predetermined identifying image, and a functioncontroller to activate a predetermined function of the image processingdevice, which processes the processible image obtained by the firstimage obtainer, when the judging unit judges that the second image isidentical to the identifying image.

According to another aspect of the present invention, a computerreadable storage medium storing computer readable instructions isprovided. The computer readable instructions cause a computer to processan image by executing steps of reading and obtaining a first image,which is a processible image formed in a first area, the first areabeing allocated on a sheet, reading and obtaining a second image, whichis formed in a second area, the second area being allocated on the sheetseparately from the first area, judging as to whether the obtainedsecond image qualifies a predetermined authentication criterion and is apredetermined identifying image, and activating a predetermined functionof the computer, which processes the obtained first image being theprocessible image, when the second image is judged to be identical tothe identifying image.

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS

FIG. 1A is a block diagram to illustrate an electrical configuration ofa multifunction peripheral device (MFP) according to an embodiment ofthe present invention. FIG. 1B illustrates a schematic view of a scannerunit in the MFP according to the embodiment of the present invention.

FIG. 2A illustrates information to be stored in a functional limitationstorage area of a storage unit in the MFP according to the embodiment ofthe present invention. FIG. 2B illustrates information to be stored inan identifying image data storage area of a storage unit in the MFPaccording to the embodiment of the present invention.

FIGS. 3A and 3B illustrate image forming areas and identifying imageareas on obverse sides and reverse sides of original sheets to be fed inthe MFP according to the embodiment of the present invention.

FIGS. 4A and 4B illustrate image forming areas and identifying imageareas on obverse sides and reverse sides of recording sheets to be fedin the MFP according to the embodiment of the present invention.

FIG. 5 is a flowchart to illustrate a main operation flow in the MFPaccording to the embodiment of the present invention.

FIG. 6 is a flowchart to illustrate a flow of user registration executedin the MFP according to the embodiment of the present invention.

FIG. 7 is a flowchart to illustrate a function-locking flow executed inthe MFP according to the embodiment of the present invention.

FIG. 8 is a flowchart to illustrate a function controlling flow executedin the MFP according to the embodiment of the present invention.

FIG. 9 is a flowchart to illustrate the function controlling flowexecuted in the MFP according to the embodiment of the presentinvention.

DETAILED DESCRIPTION

Hereinafter, an embodiment according to the present invention will bedescribed with reference to the accompanying drawings. Firstly, anoverall configuration of an MFP 1 according to the present embodimentwill be described with reference to FIG. 1A.

The MFP 1 is a multifunction device having a plurality of implementssuch as a printing function, a scanning function, a copier function, afacsimile communication function, and i-FAX (internet facsimile)communication function. The MFP 1 further has a function to transmitdata representing a scanned image to a USB-enabled storage device(so-called Scan-to-USB function). In order to implement these functions,the MFP 1 is provided with a control unit 11, a scanner unit 12, aprinter unit 13, a storage unit 14, a LAN communication unit 15, a PSTN(public switched telephone networks) communication unit 16, a USBinterface unit 17, an operation unit 18, and a display unit 19.

The control unit 11 includes a microcomputer (not shown) with a CPU, aROM, and a RAM. The control unit 11 control entire behaviors of the MFP1.

The scanner unit 12 includes a first image sensor 12A, a second imagesensor 12B, and an original feeder unit 12C. The first image sensor 12Aand the second image sensor 12B are devices to optically read an imageformed on an original sheet. The original feeder unit 12C is a device tofeed a plurality of original sheets to the first and second imagesensors 12A, 12B separately one by one.

A configuration of the scanner unit 12 will be described with referenceto FIG. 1B. The first image sensor 12A is arranged along a feeding pathof the original sheet in a position, in which the first image sensor 12Acan read an obverse side D1 of the original sheet being fed by theoriginal feeder unit 12C. The second image sensor 12B is arranged alongthe feeding path in a position, in which the second image sensor 12B canread a reverse side D2 of the original sheet being fed by the originalfeeder unit 12C. Accordingly, the images formed on the obverse side andthe reverse side of the original sheet can be read respectively by thefirst image sensor 12A and the second image sensor 12B concurrently.

As illustrated in FIG. 1A, the first image sensor 12A and the secondimage sensor 12B are located in positions to be apart from each otherfor a length L1 along the feeding path; therefore, the second imagesensor 12B starts reading the reverse side D2 prior to the first imagesensor 12A reading the obverse side D1. The first image sensor 12Astarts reading the obverse side D1 when the original sheet reaches aposition opposing the first image sensor 12A along the feeding path.

The printer unit 13 is a printing device to form an image on a recordingsheet. The image to be formed on the recording sheet may be obtainedthrough the scanner unit 12 reading the original image or through thefacsimile receiving function of the MFP 1.

The storage unit 14 includes a non-volatile memory area provided by, forexample, a hard disk drive and an NVRAM and a temporary memory areaprovided by, for example, a RAM. The non-volatile memory area in thestorage unit 14 has a functional limitation storage area 14A and anidentifying image data storage area 14B. Information stored in thenon-volatile memory area is maintained even after the MFP 1 is poweredoff. The temporary memory area has an image buffer 14C for scanner. Whenthe scanner unit 12 reads an image, data representing the image isstored in the image buffer 14C. Further, a buffer area 14D to be usedfor analyzing obtained second authentication data is provided.

The LAN communication unit 15 includes a communication interface toconnect the MFP 1 to a local area network (LAN) so that the MFP 1 canexchange data with other external devices (not shown) through the LAN.When the LAN, to which the MFP 1 is connected, is further connected to awide area network (WAN) such as the Internet through a gateway, the MFP1 can communicate with other external devices outside the LAN throughthe WAN. The data exchange through the LAN communication unit 15 can beperformed by the i-FAX function of the MFP 1.

The PSTN communication unit 16 includes devices such as a facsimilemodem and audio CODEC, which are required to connect the MFP 1 to thePSTN. The MFP 1 can communicate with other PSTN-enabled external devices(e.g., a facsimile machine; not shown) through the PSTN. The dataexchange through the PSTN can be performed by the PSTN communicationunit 16.

The USB interface unit 17 includes an interface to connect the MFP 1 toa USB-enabled storage device. When, for example, the MFP 1 utilizes theScan-to-USB function, the data representing the image scanned by thescanner unit 12 can be transferred to the USB-enabled storage devicethrough the USB interface unit 17.

Next, authenticating function to authenticate users of the MFP 1 will bedescribed. In the present embodiment, specific functions among theplurality of functions provided to the MFP 1 are available to approvedusers when a function-locking function is activated in the MFP 1. Theusers can be approved in two methods, which are a first authenticationmethod and a second authentication method in the present embodiment.

In the first authentication method, a user is required to manipulate theoperation unit 18 to select a user name and enter first authenticationdata (i.e., a password) corresponding to the user name. In the secondauthentication method, an identifying image formed in a predeterminedarea of a sheet is read by the scanner unit 12.

Firstly, the first authentication method will be described withreference to FIG. 2A. In order to accomplish the first authenticationmethod, a plurality of sets of data are stored in the functionallimitation storage area 14A in the storage unit 14. Each data setincludes six entries, which are “User name,” “First authenticationdata,” “Fax transmission,” “i-Fax transmission,” “Copy,” and“Scan-to-USB,” and each data set corresponds to a specific user. Theinformation in the fields “Fax transmission,” “i-Fax transmission,”“Copy,” and “Scan-to-USB” respectively indicates permission for the userto use the facsimile transmission function, the i-FAX transmissionfunction, and the Scan-to-USB function. The fields further includeinformation which indicates, when the user is permitted to use thefunction, a permitted number of times to use the function. Thus, theinformation stored in the functional limitation storage area 14Aindicates usability of the functions installed in the MFP 1 on basis ofthe user.

The fields “User name” and “First authentication data” include characterstrings to which the MFP 1 refers when the MFP 1 checks authenticity ofthe user in the first authentication method. In the present embodiment,the character strings are provided to the user by an administrator ofthe MFP 1.

The user name and the first authentication data are registered in thefunctional limitation storage area 14A by the administrator in advance,and the user is informed thereof by the administrator later. When theuser attempts to use one of the functions in the MFP 1, which requiresauthentication of the user in the first authentication method, the usermanipulates the operation unit 18 to select the given user name andenter the given first authentication data.

When the user name and the first authentication data are entered, theMFP 1 refers to the information registered in the functional limitationstorage area 14A and compares the entered user name and the enteredfirst authentication data with the registered user name and theregistered first authentication data. When the entered information andthe registered information match, the MFP 1 authenticates the user, andthe user is allowed to login with the user name.

When the user is authenticated, the MFP 1 refers to the information inone of the entries “Fax transmission,” “i-Fax transmission,” “Copy,” and“Scan-to-USB”, which corresponds to the function desired by the user, inthe data set. Thus, the MFP 1 judges as to whether the current user ispermitted to use the desired function. Further, if the user is permittedto use the function, the MFP 1 further judges as to whether the currentusage by the current user is within the limited number assigned by theadministrator.

The information indicated in the entries “Fax transmission,” “i-Faxtransmission,” “Copy,” and “Scan-to-USB” has been, similarly to the username and the first authentication data, registered in the functionallimitation storage area 14A by the administrator in advance.

An example of authentication of a user will be described. When, forexample, information as shown in FIG. 2A is registered in the functionallimitation storage area 14A, and a user manipulates the operation unit18 to select a user name “User1” and enter first authentication data“1111,” the MFP 1 authenticates the user.

Once the user is authenticated, the MFP 1 refers to the data set in thefunctional limitation storage area 14A corresponding to the user andpermits one of facsimile transmission, i-FAX transmission, and copyingwithin the limiting number assigned by the administrator and indicatedin the fields. When the user desires to use the Scan-to-USB function,however, the MFP 1 prohibits the user from using the function. When theuser wishes to use the function, but the user has experienced to use thefunction for the limited number of times, the user is no longerpermitted to use the function.

When a different user attempts to use the MFP 1, authenticity of thedifferent user is similarly examined, and the MFP 1 provides the desiredfunction based on the permission and restriction indicated in thefunctional limitation storage area 14A. For example, when a user with auser name “User3” is authenticated, the user is permitted to use thecopier function up to the number indicated in the “Copier” fieldcorresponding to the user. Meanwhile, usage of the facsimiletransmission function, i-FAX transmission function, and the Scan-to-USBfunction is prohibited.

When a user fails in the authentication, or when a predetermined timeperiod elapses after successful authentication, the MFP 1 operates in a“public” mode, in which usage of the functions is permitted orrestricted in accordance with information in a data set for “Public”users as registered in the functional limitation storage area 14A (see alowermost row in FIG. 2A).

Therefore, the functions of the MFP 1, of which usage is permitted topublic by the administrator, can be used even when the user is notauthenticated. The usable functions open to public in the public modeare determined by discretion of the administrator. In general, however,the usability of the functions open to public may be restricted to benarrower compared to the usability of the functions based onauthentication.

Next, the second authentication method will be described with referenceto FIG. 2B. In order to accomplish the second authentication method, aplurality of sets of data are stored in the identifying image datastorage area 14B in the storage unit 14. Each data set includes twoentries, which are “User name” and “second authentication data.” Eachdata set is registered in correspondence with a user.

The users (i.e., the character strings in the “User name” field)registered in the identifying image data storage area 14B are identicalto the users registered in the functional limitation storage area 14A.Thus, the data sets registered in the functional limitation storage area14A and the identifying image data storage area 14B are associated witheach other on the basis of the user names.

The second authentication data in the present embodiment is datarepresenting a personal identifying image to be used for authentication.Alternatively, the second authentication data may be criterial data forthe MFP 1 to judge authenticity of a personal identifying image. Thecriterial data may be, for example, when the personal identifying imageis a bar-code image, binary data represented by the bar-code image. Foranother example, the criterial data may be, when the personalidentifying image is an image representing a character string, text datawhich can be extracted from the image through an OCR operation. In thepresent embodiment, the second authentication data is a piece of datarepresenting an image of an imprinted personal seal.

According to the present embodiment, when the image data representing animprinted personal seal is used as the second authentication data, animage of an imprinted personal seal provided by the user is scanned bythe scanner unit 12 to generate the image data representing theimprinted seal. The image data is thus registered in the identifyingimage data storage area 14B by the administrator. After theregistration, the user can be authenticated in the second authorizationmethod.

When the MFP 1 authenticates the user according to the secondauthentication method, the user manipulates the operation unit 18 toactivate a function (e.g., facsimile transmission, copier, etc.)involving the scanning behavior of the scanner unit 12.

When the function is activated, the MFP 1 controls the scanner unit 12to read an image formed in a predetermined area on an original sheet. Inthe present embodiment, the identifying image is formed in apredetermined image area for authentication, which occupies a part ofthe original sheet. The image read by the scanner unit 12 is comparedwith the image data represented by the second authentication data, whichis registered in the image authentication data storage 14B.Alternatively, binary data or image data representing the scanned imageis compared with the second authentication data. When the image dataobtained by the scanner unit 12 and the second authentication datamatch, the user who has the original sheet with the image formed in thepredetermined identifying image area is authenticated.

When the user is authenticated, the MFP 1 refers to the information inthe one of the entries “Fax transmission,” “i-Fax transmission,” “Copy,”and “Scan-to-USB”, which corresponds to the function desired by theuser, in the data set registered in the functional limitation storagearea 14A. Thus, the MFP 1 judges as to whether the current user ispermitted to use the desired function. Further, if the user is permittedto use the function, the MFP 1 further judges up to how many times theuser is permitted to use the function.

When the user fails to be authenticated, or when the user is prohibitedfrom using the desired function, the MFP 1 manipulates the scanner unit12 solely to read the identifying image but prohibits the user fromusing the desired function.

In the present embodiment, the administrator can preset theauthentication method to be used in the MFP 1. The MFP 1 mayauthenticate the user solely in the first authentication method or inthe second authentication method according to the administrator'sdiscretion. Alternatively, the MFP 1 may authenticate the user in thefirst authentication method together with the second authenticationmethod.

When the second authentication method is used in the MFP 1, a range forthe identifying image area to be laid out in an original sheet may bedetermined by the administrator. Examples of the identifying image areaswill be described with reference to FIGS. 3A, 3B, 4A, and 4B.

FIG. 3A shows a first example of an original sheet with an obverse sideD1 and a reverse side D2 to be fed in the scanner unit 12 of the MFP 1.The original sheet has an image to be processed (e.g., copied) by theMFP 1 on each side D1, D2. The obverse side D1 includes a firstprocessible image area A1, in which the image to be processed can beformed. The reverse side D2 includes a second processible image area A2.The reverse side D2 further includes the identifying image area A3.

It is to be noted in FIG. 3A that the obverse side D1 and the reverseside D2 are drawn in vertically displaced positions with respect to eachother. Specifically, the reverse side D2 is in a position higher thanthe obverse side D1 for a length L1. The positional relation of theobverse side D1 and the reverse side D2 represents positions to bescanned by the scanner unit 12 simultaneously. That is, in the MFP 1, ashas been described above, the first image sensor 12A and the secondimage sensor 12B are apart from each other for the length L1, and thereverse side D2 starts being scanned by the second image sensor 12Bbefore the obverse side D1 starts being scanned by the first imagesensor 12A (see FIG. 1B). Therefore, the obverse side D1 starts beingscanned at a time point later for a period corresponding to the lengthL1 than a time point in which the reverse side D2 starts being scanned.

The identifying image area A3 is allocated in a range corresponding to alength L2 (see FIG. 3A). The length L2 is equal to the length L1subtracted by a length L3 (L2=L1−L3). In the MFP 1 according to thepresent embodiment, relation between a feeding speed to carry theoriginal sheet in the feeding path by the original feeder unit 12C andthe length L3 is optimized to be such that, when the original feederunit 12C feeds the original sheet in a predetermined speed, a timeperiod required to carry the original sheet for the length L3 exceeds atime period in which the user is authenticated in the secondauthentication method.

Under the above-described condition, the range for the identifying imagearea A3 corresponding to the length L2 is determined within thelimitation in consideration of the length L3. In particular, the usermay enter a value indicating the length L2 through the operation unit18. Alternatively, for example, the MFP 1 may present several presetoptions for the length L2 to the user so that the user can select one ofthe options to set the length L2. In either way, the length L2 is setwithin the range in which the length L3 is maintained.

According to the above configuration, when the second image sensor 12Bscans the identifying image area A3 and successively starts scanning thesecond processible image area A2, the MFP 1 can starts checkingauthenticity of the user based on the image formed in the identifyingimage area A3. Thus, authentication in the second authentication methodis completed before the first image sensor 12A starts scanning the firstprocessible image area A1.

When the user fails in the authentication, scanning of the firstprocessible image area A1 can be canceled so that the first processibleimage area A1 is not scanned for the unapproved user. In the presentexample, when the identifying image area A3 is determined within thelimited range, a remaining portion of the reverse side D2 isautomatically determined to be the second processible image area A2.

According to the above example, the redundant scanning of the firstprocessible image area A1 is prevented by optimizing the length L3,which is based on the condition that the original feeder unit 12Ccarries the original sheet in a predetermined speed steadily. However,the redundant scanning of the first processible image area A1 can beprevented if the original feeder unit 12C is configured to be such thatthe original sheet is stopped at a predetermined position when scanningof the identifying image area A3 is completed.

With this configuration, the scanning operation can be stopped uponcompletion of scanning of the identifying image area A3; therefore,solely the authenticating process can be executed without scanning thesecond processible image area A2. When the user fails in theauthentication, similarly to the configuration in which the originalsheet is carried in the steady speed, redundant scanning of the firstprocessible area A1 can be prevented. Further, unlike the configurationin which the original sheet is carried in the steady speed, redundantscanning of the second processible image area A2 can be avoided.

Furthermore, the once-stopped feeding behavior of the original feederunit 12C is resumed, after completion of authentication in the secondauthentication method. Therefore, no optimization of the relationbetween the feeding speed and the length L3 is necessary. Rather, adesired range can be determined to be the identifying image area A3.

Next, a second example of the processible image areas and theidentifying image area A3 will be described with reference to FIG. 3B.FIG. 3B shows an original sheet with an obverse side D1 and a reverseside D2 to be fed in the scanner unit 12 of the MFP 1. The obverse sideD1 includes the first processible image area A1, and the reverse side D2includes the second processible image area A2 and the identifying imagearea A3. Further, the reverse side D2 includes an unused area A4 in anarea corresponding to the range of the length L3.

In the second example, the identifying image area A3 can be determinedsimilarly to the identifying image area A3 in the first example. A rangefor the unused area A4 is determined accordingly. In the second example,the range for the second processible image area A2 is constant.

With the unused area A4 on the reverse side D2, feeding of the originalsheet steadily in a constant speed is accomplished whilst the redundantscanning of the first processible image area A1 and the secondprocessible image area A2 is avoided upon authentication failure.

That is, when scanning of the identifying image area A3 is completed,the feeding behavior of the original feeder unit 12C is not stopped butcontinued. Meanwhile, scanning of the unused area A4 is omitted.Authentication of the user is completed whilst the original sheet iscarried for the length L3. Thus, when the user is authorized, scanningof the first processible image area A1 and the second processible imagearea A2 is simultaneously started.

With the above configuration, although the second processible image areaA2 is narrowed by the unused area A4, the original sheet can be fedcontinuously without a pause. Therefore, the user can recognizecontinuous operation of the MFP 1 including the authentication and thesucceeding scanning of the first processible image area A1 and thesecond processible image area A2. Meanwhile, redundant scanning of thefirst processible image area A1 and the second processible image area A2can be prevented when the user fails in authentication.

Next, a third example of the first and second processible image areasA1, A2 and the identifying image area A3 will be described withreference to FIG. 4A. FIG. 4A shows an original sheet with an obverseside D1 and a reverse side D2 to be fed in the scanner unit 12 of theMFP 1. The obverse side D1 includes the first processible image area A1and the identifying image area A3, and the reverse side D2 includes thesecond processible image area A2. In the third example, the identifyingimage area A3 is not included in the reverse side but is included in theobverse side D1. The identifying image area A3 can be determinedsimilarly to the identifying image area A3 in the first example. A rangefor the first processible image area A1 to be laid out is determinedaccordingly.

The identifying image area A3 can be thus arranged on the obverse sideD1, and the MFP 1 can check authenticity of the user without problem.However, with the identifying image area A3 in the position as shown inFIG. 4A, the scanner unit 12 scans the second processible image area A2prior to completion of the authentication and uses some of the storagearea in the storage unit 14. Therefore, when the user fails in theauthentication, the storage area used in the preceding scanningoperation is to be aborted. In such a case, the preceding scanningoperation results in waste.

When the user fails in authentication in the second authenticationmethod, however, the user may subsequently attempt to be approved in thefirst authentication method. Thus, data generated in the precedingscanning operation, which is conducted prior to completion ofauthentication in the second authentication method, may be used when theuser is approved in the first authentication method.

Further, with the identifying image area A3 in the position as shown inFIG. 4A, and when the original sheet is fed in a constant speed, thefirst processible image area A1 is also scanned prior to completion ofthe authentication in the second authentication method. Therefore, dataobtained in the preceding scanning operation to scan the firstprocessible image area A1 can be wasted. In order to avoid the redundantpreceding scanning operation, the feeding behavior of the originalfeeder unit 12C can be stopped temporarily to wait until completion ofthe authentication.

Next, a fourth example of the processible image area A1 and theidentifying image area A3 will be described with reference to FIG. 4B.FIG. 4B shows an original sheet with an obverse side D1 and a reverseside D2 to be fed in the scanner unit 12 of the MFP 1. The obverse sideD1 includes the first processible image area A1, and the reverse side D2includes the identifying image area A3. In the fourth example, thereverse side D2 does not include the second processible image area A2.

In the fourth example, it is required that the user informs the MFP 1 ofthat the identifying image area A3 is arranged on the reverse side D2 ofthe original sheet in advance. Thereafter, when the user activates ascanning operation of the original sheet, the user sets the MFP 1 toscan solely one side of the original sheet.

When the instruction to scan the single side only is given, and when thesecond authentication method is not designated, the MFP 1 scans theoriginal sheet by use of solely the first image sensor 12A.

Meanwhile, when the second authentication method is designated, the MFP1 scans the original sheet by use of both of the first image sensor 12Aand the second image sensor 12B even though the instruction to scan thesingle side only is given. Accordingly, the identifying image in theidentifying image area A3 on the reverse side D2 is scanned by thesecond image sensor 12B whilst the processible image in the firstprocessible image area A1 on the obverse side D1 is scanned by the firstimage sensor 12A.

Thus, the obverse side D1 and the reverse side D2 of the original sheetare respectively are separately used as the first processible image areaA1 and the identifying image area A3 respectively. Therefore, thereverse side D2 can be entirely and distinctly used as the identifyingimage area A3 whilst the range for the identifying image area A3 may beindistinct to the user when the identifying image area A3 is arrangedalong with the first or second processible image area A1 or A2 on a sameside of the original sheet.

Additionally, when the obverse side D1 and the reverse side D2 aredistinctly used as the first processible image area A1 and theidentifying image area A3 respectively, solely a partial range of thereverse side D2 may still be used as the identifying image area A3. Theremaining of the reverse side D2 may be determined to be the unused areaA4.

Alternatively, the processible image area A1 may be assigned to thereverse side D2, and the identifying image area A3 may be assigned tothe obverse side D1 of the original sheet.

When the image data representing the imprinted personal seal is used asthe second authentication data, sizes of imprinted personal seals aregenerally within an assumable range. Therefore, even when one of theobverse and reverse sides D1, D2 of the original sheet is entirely usedas the identifying image area A3, merely a small range in theidentifying image area A3 may be occupied by the identifying image. Insuch a case, therefore, examination of presence and absence of theidentifying image may not necessarily wait until the entire identifyingimage area A3 is scanned. For example, a predetermined rangecorresponding to a length L4 may be scanned to detect the identifyingimage. When the identifying image is not detected after analyzing thescanned area, the range to be scanned is shifted in turn along thedirection of the original sheet to be scanned. In this scan-and-analysismethod, a volume of the image buffer 14C to be used in the scanningoperation can be reduced, compared to a volume of the image buffer 14Cto be used in the entire scanning of the reverse side D2, so that thestorage areas in the storage unit 14 can be effectively used.

The settings of the first and the second processible image areas A1, A2and the identifying image area A3 can be selected by the user from theoptions described above. Alternatively, one of the options may befixedly set in the MFP 1.

Next, flows of operations to utilize the above authentication methods inthe MFP 1 will be described with reference to FIGS. 5 through 9.

A main operation flow of the MFP 1 is activated when the MFP 1 ispowered on and conducted by the CPU in the control unit 11. When theflow starts, in S105, the MFP 1 waits for a user's input through a key.In S110, the MFP 1 judges as to whether the user's input is given. Whenno input is detected (S110: NO), the MFP 1 returns to S105. Thus, theMFP 1 repeats S105-S110 until the user's input is detected.

When the user's input through a key is detected (S110: YES), in S115,the MFP 1 recognizes an event corresponding to the manipulated key andbehaves accordingly to the event. After completion of the event, the MFP1 returns to S105.

In S115, the behavior of the MFP 1 to be performed varies depending onthe key manipulated by the user. In the MFP 1 according to the presentembodiment, the behavior can be one of user registration,function-locking, and function-controlling. These behaviors of the MFP 1will be described hereinbelow.

The flow of user registration will be described with reference to FIG.6. The flow of user registration is activated upon a triggering event,which is manipulation of the corresponding key by the administrator ofthe MFP 1.

When the flow starts, in S205, the MFP 1 judges as to whether theregistration is for registering a new user. In the MFP 1 according tothe present embodiment, registration of a user includes registering anew user and modifying information concerning an existing user who isalready registered. Therefore, the administrator informs the MFP 1 of asto whether the current registration is registering a new user bymanipulating a predetermined key in the operation unit 18. In S205,therefore, the MFP 1 judges based on the manipulated key as to whetherthe current registration is for registering a new user.

In S205, when the MFP 1 determines that the current registration is notfor registering a new user (S205: NO), in S210, the MFP 1 prompts theadministrator to select an existing user, of which information is to bemodified, and receives the administrator's selection. The flow proceedsto S215. In S205, when the MFP 1 determines that the currentregistration is for registering a new user (S205: YES), the MFP 1 skipsS210 and proceeds to S215.

In S215, the MFP 1 receives information concerning the user to beregistered or modified. When the current registration is for registeringa new user, the administrator enters a new user name. When the currentregistration is for modifying an existing user, if necessary, theadministrator modifies at least a part of the existing user name. Theentered or modified user name is stored in the functional limitationstorage area 14A.

In S220, the MFP 1 receives information concerning the firstauthentication data. When the current registration is for registering anew user, the administrator enters first authentication datacorresponding to the new user. When the current registration is formodifying an existing user, if necessary, the administrator modifies thefirst authentication data corresponding to the existing user. Theentered or modified first authentication data is stored in thefunctional limitation storage area 14A. The flow proceeds to S225.

In S225, the MFP 1 receives limitation concerning usage of the functionsof the MFP 1, which are facsimile transmission, i-FAX transmission,copier, and Scan-to-USB. When the current registration is forregistering a new user, the administrator enters limitation on thefunctions permitted to the new user. When the current registration isfor modifying an existing user, if necessary, the administrator modifiesthe limitation on the functions permitted to the existing user. Theentered or modified limitation is stored in the functional limitationstorage area 14A. The flow proceeds to S230.

In S230, the MFP 1 judges as to whether the second authentication datais to be registered. The administrator can inform the MFP 1 ofregistration of the second authentication data by manipulating apredetermined key in the operation unit 18. In S230, therefore, the MFP1 judges based on the manipulated key as to whether the administratorregistration of the second authentication data is requested.

In S230, when the MFP 1 determines that registration of the secondauthentication data is requested (S230: YES), in S235, the MFP 1receives second authentication data corresponding to the user. When thecurrent registration is for registering a new user, the administratorenters second authentication data corresponding to the new user. Whenthe current registration is for modifying an existing user, ifnecessary, the administrator modifies the second authentication datacorresponding to the existing user. The entered or modified secondauthentication data is stored in the identifying image data storage area14B. The flow proceeds to S240.

In S235, specifically, the administrator sets a sheet having an image ofan imprinted personal seal, provided by the user being registered, inthe scanner unit 12 and instructs the MFP 1 to extract the secondauthentication data from the scanned sheet. The MFP 1 therefore scansthe sheet and extracts pixels containing a color component of a specifictype of ink from the read image. Thus, the second authentication data,i.e., image data representing the imprinted personal seal, is generatedand stored in the identifying image storage area 14B. Following S235,the flow proceeds to S240. In 230, when the MFP 1 determines that thecurrent registration does not require registration of the secondauthentication data (S230: NO), the MFP 1 skips S235 and proceeds toS240.

In S240, the MFP 1 judges as to whether the user registration iscompleted (S240). The administrator can inform the MFP 1 of completionof the user registration by manipulating a predetermined key in theoperation unit 18. In S240, therefore, the MFP 1 judges completion ofthe user registration based on the manipulated key.

In S240, when the MFP 1 determines that the administrator requests forfurther user registration and the user registration is not completed(S240: NO), the flow returns to S205, and the MFP 1 repeats S205-S240.When the MFP determines that the user registration is completed and theadministrator wishes to finish the user registration (S240: YES), theMFP 1 terminates the flow.

Next, a flow of function-locking in the MFP 1 will be described withreference to FIG. 7. The flow of function-locking is activated upon atriggering event in S115, which is manipulation of the corresponding keyby the administrator of the MFP 1. In the function-locking flow,authentication of users in the second authentication method can bevalidated so that a locking system to restrict usage of the functions ofthe MFP 1 according to the functional limitation registered in thefunctional limitation storage area 14A on basis of the user isactivated.

When the flow starts, in S305, the MFP 1 judges as to whether the MFP 1has necessary information to activate a locking system to lock thefunctions of the MFP 1. The necessary information to activate a lockingsystem may be, for example, the information registered in the userregistration in S205-S240.

Therefore, when at least one user name is registered and when limitationon the functions for the user is registered, the MFP 1 determines thatMFP 1 has the necessary information to activate the locking system forthe user.

In S305, when the MFP 1 judges that the MFP 1 does not have thenecessary information to activate the locking system (S305: NO), the MFP1 terminates the flow. When the MFP 1 judges that the MFP 1 has thenecessary information to activate the locking system (S305: YES), inS310, the MFP 1 activates the locking system. When the locking system isactivated, the activation is indicated, for example, by a flag in apredetermined memory area in the MFP 1 to be referred to in thesucceeding steps (see S405 in FIG. 8).

In S315, the MFP 1 examines a number of pieces of second authenticationdata and judges as to whether the number is greater than zero (0). Inother words, the MFP 1 judges as to whether at least one piece of secondauthentication data is registered. When the number of pieces ofregistered second authentication data is zero (S315: NO), the MFP 1cannot authenticate users in the second authentication method;therefore, the MFP 1 terminates the flow. In this regard, the MFP 1 willauthenticate users solely in the first authentication method.

In S315, when the number of pieces of registered second authenticationdata is greater than zero (S315: YES), the MFP 1 can authenticate usersin the second authentication method. In S320, the MFP 1 presents amessage to the administrator through the display unit 19. In themessage, the MFP 1 asks the administrator as to whether“auto-authentication,” which is authentication according to the secondauthentication method, is to be activated. The administrator canmanipulate the operation unit 18 to enter the instruction concerningactivation of auto-authentication.

When the administrator's instruction is entered, in S325, the MFP 1judges as to whether the auto-authentication is to be activated. Whenthe auto-authentication is not to be activated (S325: NO), theadministrator's instruction means that the second authentication methodis not to be used. Therefore, the MFP 1 terminates the flow. In thisregard, the MFP 1 will authenticate users solely in the firstauthentication method.

When the auto-authentication is to be activated (S325: YES), theadministrator's instruction means that the second authentication methodis to be used. Therefore, in S330, the MFP 1 activates theauto-authentication. Further, in S335, the MFP 1 validates theidentifying image area of an original sheet. Thereafter, the MFP 1terminates the flow. In this regard, the MFP 1 can authenticate usersboth in the first authentication method and the second authenticationmethod.

The identifying image area validated in S335 refers to the identifyingimage area A3 as described above with reference to FIGS. 3A, 3B, 4A, and4B. In this regard, a positional option of the identifying image areaamong the first through fourth options and a range of the length L2 canbe determined by the administrator when the administrator enters theinstruction in S330 by manipulation of the operation unit 18. If thelength L2 is preliminarily determined, and if necessary, theadministrator may modify the length L2 in this regard.

Next, a flow of function-controlling will be described with reference toFIGS. 8 and 9. The flow of function-controlling is activated upon atriggering event in S115, which is manipulation of the corresponding keyby the administrator and other user of the MFP 1. The triggering eventrefers to a user's instruction to call a desired function in the MFP 1.

In the flow of function-controlling, the functions of the MFP 1 (e.g.,copier function, facsimile transmission, etc.) can be activated.Although detailed behaviors to be controlled may vary depending on thefunction being activated, the functions of the MFP 1 are activatedsimilarly in the function-controlling flow. Therefore, behaviorsspecifically relating to the present invention in thefunction-controlling flow, such as behaviors concerning userauthentication and permission to activation of the function, are commonamong the plurality of functions in the MFP 1. Therefore, the followingdescription will not specifically refer to any of the functions to beactivated.

When the flow starts, in S405, the MFP 1 obtains information concerningactivation of the locking system. In S410, the MFP 1 judges as towhether the locking system is activated. In particular, the MFP 1inspects presence and absence of the flag stored in the predeterminedmemory area indicating the activation of the locking system (see S310 inFIG. 7).

In S410, if the MFP 1 judges that the locking system is active (S410:YES), in S415, the MFP 1 identifies the user who has logged in. Further,in S420, the MFP 1 obtains the functional limitation for the user.

In particular, when the user is authenticated according to the firstauthentication method and has logged in the MFP 1, the name of the useris stored in a predetermined memory area. Therefore, in S415, the MFP 1refers to the predetermined memory area to obtain the user nametherefrom and identifies the current user. When the user fails inauthentication, or when a predetermined time period elapses aftersuccessful authentication, the MFP 1 operates in the public mode, inwhich usage of the functions is permitted or restricted in accordancewith information registered with the user name “Public.” Therefore, whenthe user has logged in with the user name “Public,” the user name“Public” is stored in the predetermined memory area. Thus, the MFP 1refers to the predetermined memory area and obtains the user name“Public” to recognize that the MFP 1 is operating in the public mode.

In S420, the MFP 1 searches the functional limitation storage area 12Ato detect a data set including the identified user name. Thus, the dataset corresponding to the current user is obtained. In this regard, whenthe MFP 1 is operating in the public mode, the data set corresponding to“Public” is obtained.

In S425, the MFP 1 determines usability of the function desired by thecurrent user. In particular, the MFP 1 judges as to whether usage of thedesired function is permitted to the current user based on the data setobtained in S420. The desired function is the function called in thetriggering event to activate the function-controlling flow. For example,when the user with the user name “User1” (see FIG. 2A) is the currentuser, and the current user wishes to use the MFP 1 for facsimiletransmission, in S425, the MFP 1 judges that the current user ispermitted to use the facsimile transmission function. For anotherexample, when the user with the user name “User3” is the current user,and the current user wishes to use the MFP 1 for facsimile transmission,in S425, the MFP 1 judges that the current user is not permitted to usethe facsimile transmission function.

Further, in S425, the MFP 1 refers to history of the desired functionhaving been used by the current user. The history indicating the numberof times, in which the function has been used by the current user, isrecorded in a predetermined area of the storage unit 14. The number isincremented by one each time the same user activates the function. InS425, therefore, the MFP 1 refers to the history and when the MFP 1finds that the number indicated in the history is equal to or exceedsthe permitted number (see FIG. 2A), it indicates that the current userhas used the function in the past up to the limited number of times.Therefore, the current user is no longer permitted to use the function.When the MFP 1 finds that the number indicated in the history is withinthe permitted number, the current user is permitted to use the desiredfunction.

In S425, when the MFP 1 judges that the desired function is permitted tothe current user (S425: YES), in S430, the MFP 1 activates the desiredfunction and terminates the function-controlling flow. In S410, when theMFP 1 judges that the locking system is not activated (S410: NO), theMFP 1 also activates the desired function and terminates thefunction-controlling flow.

In S430, the function desired by the user, e.g., printing, scanning,copier, facsimile transmission, i-FAX transmission, Scan-to-USB, isactivated. When the desired function (e.g., copier) requires scanning ofa processible image, scanning of the first processible image area A1 andthe second processible image area A2 is conducted in S430. Detailedbehaviors of the MFP 1 in S430 utilizing the desired function areequivalent to the behaviors of a conventional MFP; therefore,description of those will be omitted.

In S425, when the MFP 1 judges that the desired function is notpermitted to the current user (S425: NO), in S435, the MFP 1 obtainsinformation concerning activation of the auto-authentication (see S330in FIG. 7). In S440, the MFP 1 judges as to whether theauto-authentication is active based on the obtained information.

In S440, if the MFP 1 judges that the auto-authentication is not active(S440: NO), in S445, the MFP 1 denies the current user activation of thedesired function and terminates the function-controlling flow. Accordingto this flow, when the current user is not permitted to use the desiredfunction on basis of the first authentication method (S425: NO), andwhen the current user is not authenticated in the second authenticationmethod due to inactivation of the auth-authentication (S440: NO), thecurrent user is not provided with further means to cure the restriction.Therefore, the flow is directed to S445, in which usage of the desiredfunction by the current user is denied. In this regard, in S445, the MFP1 informs the current user of the denial by, for example, a messagedisplayed in the display unit 19.

In S440, if the MFP 1 judges that the auto-authentication is activated(S440: YES), in S450, the MFP 1 obtains information concerningavailability of auto-authentication based on the function desired by theuser, and in S455, the MFP 1 judges as to whether theauto-authentication is available to the desired function.

According to the present embodiment, availability of auto-authenticationis preliminarily determined based on as to whether the desired functionrequires a scanning behavior of the scanner unit 12. For example, whenthe desired function is facsimile transmission, which involves thescanner unit 12 to read the original sheet, the auto-authentication isavailable. For another example, when the desired function is printing,which does not involve the scanner unit 12, the auto-authentication isunavailable.

In S455, if the MFP 1 judges that the auto-authentication is unavailable(S455: NO), in S445, the MFP denies activation of the desired functionand terminates the function-controlling flow.

In S455, if the MFP 1 judges that the auto-authentication is available(S455: YES), in S460, the MFP 1 obtains information concerning of theidentifying image area A3. Further, in S465, the MFP 1 judges as towhether the MFP 1 is required to change settings for reading the secondauthentication data.

The information concerning the identifying image area A3 refers tosettings indicating a side of the original sheet (i.e., the obverse sideD1 or the reverse side D2), a position (i.e., the length L2) on theside. The settings of the identifying image area A3 have been determinedby the administrator in advance. Therefore, in S460, the MFP 1 obtainsthe information indicating the settings and, if necessary, modifiesparameters to control the scanner unit so that the scanner unit 12 scansa correct range corresponding to the identifying image area A3.

In S465, specifically, the MFP 1 determines that modification of thescanning settings to read the second authentication data is requiredwhen: the behavior required in the desired function involves scanning ofsolely the obverse side D1 of the original sheet and the identifyingimage area A3 is arranged on the reverse side D2; and the behaviorrequired in the desired function involves scanning of solely the reverseside D2 of the original sheet and the identifying image area A3 isarranged on the obverse side D1. In other words, when scanning ofsingle-side only is instructed by the user although practically bothsides need to be scanned, the MFP 1 determines that modification ofscanning settings is required.

In S465, when the MFP 1 determines that modification of scanningsettings is required (S465: YES), in S470, the MFP 1 modifies thescanning settings accordingly. The flow proceeds to S475 (see FIG. 9).In S465, when the MFP 1 determines that modification of scanningsettings is not necessary (S465: NO), the MFP 1 skips 5470 and proceedsto S475.

In S475, the MFP 1 scans the identifying image area A3. In S480, the MFP1 analyzes the image data obtained from the identifying image area A3and extracts a candidate image for the second authentication data. Inparticular, the MFP 1 detects and extracts pixels containing a colorcomponent of specific ink from the read image. Thus, an image of theimprinted personal seal of the current user is obtained.

In S485, the MFP 1 judges as to whether a candidate image for the secondauthentication data is successfully extracted. If the MFP 1 judges thatthe candidate image is not extracted (S485: NO), the flow proceeds toS445 (see FIG. 8), in which the MFP 1 denies the current user activationof the desired function and terminates the function-controlling flow.

If the MFP 1 judges that the candidate image is extracted (S485: YES),in S490, the MFP 1 refers to the identifying image storage area 14B andcompares the image data representing the candidate image, extracted inS480, with the second authentication data registered in the identifyingimage storage area 14B. In S490, matching of the image data representingcandidate image and the registered second authentication data can beexamined by a known image matching algorithm for personal seals. In thisregard, the buffer area 14D is used for calculation concerning the imagematching. For example, one of the extracted and registered images isrotated to be laid over the other of the images, and commonality of thetwo images can be examined to find as to whether features of the twoimages coincide.

In S495, the MFP 1 judges as to whether authentication in the secondauthentication method is successful. In particular, the MFP 1 determinesthat authentication is successful when the extracted image data and theregistered second authentication data are identical.

If the MFP 1 judges that authentication is not successful (S495: NO),the flow proceeds to S445, (see FIG. 8), in which the MFP 1 denies thecurrent user activation of the desired function and terminates thefunction-controlling flow.

If the MFP 1 judges that authentication is successful (S495: YES), inS500, the MFP 1 switches users. For example, if the current user haslogged in with the user name “User1,” but the identifying imageextracted approved in S490 coincides with an image represented by thesecond authorization data of “User3,” the MFP 1 considers the currentuser to be “User3” and switches the user names from “User1” to “User3.”

In S505, the MFP 1 obtains functional limitations for the user approvedin the second authorization method (i.e., “User3” in the above example).In S510, usability of the desired function for the current approved useris examined. In S515, when the current approved user is permitted to usethe desired function based on the examined usability. For example, when“User1” is the approved user, the MFP 1 refers to the functionallimitation for “User1” registered in the functional limitation storageunit 14A. Specifically, when “User1” wishes to use copier, the MFP 1refers to the functional limitation for “User1” concerning the copierfunction and judges the usability of the copier function for “User1.”

In S515, if the MFP 1 judges that the desired function is permitted tothe current approved user, the flow proceeds to S430 (see FIG. 8), inwhich the MFP 1 activates the desired function. The MFP 1 terminates theflow thereafter.

In S515, if the MFP 1 judges that the desired function is not permittedto the current approved user, the flow proceeds to S445 (see FIG. 8), inwhich the MFP 1 denies the current user activation of the desiredfunction and terminates the function-controlling flow.

According to the above flow, the MFP 1 in the present embodimentactivates a desired function, in which the processible image can beprocessed, when the read identifying image is approved to be an imagequalifying predetermined authorization criteria. Therefore, only limitedusers who can form the identifying images in the identifying image areaA3 are allowed to activate such a function. Further, a number of timesto use the function can be controlled on the basis of an approved userso that even the approved user can be allowed to use the function withinthe limited number, which is assigned by the administrator.

According to the above embodiment, specifically in the secondauthentication method, the user is released from necessity to manuallyinput the user name and the password to log in the MFP 1, unlike theconventional devices which can be logged in solely in the firstauthentication method.

In the MFP 1 according to the above embodiment, the identifying image isformed in an area (e.g., the identifying image area A3) distinctly fromthe processible images in the processible image areas (e.g., the firstprocessible image area A1 and the second processible image area A2).Therefore, the identifying image is prevented from being included in theprocessible images. When, for example, the identifying image is includedin the processible image area, and the processible image is passed(e.g., transmitted by the facsimile transmission function) to the otherpersons, the identifying image may be also transmitted and exposed tothe others. According to the above embodiment, however, the identifyingimage formed in the separate identifying image area A3 is prevented frombeing processed or passed to the others. Therefore, the identifyingimage can be prevented from being exposed to the others and from beingmaliciously used by the others.

According to the above MFP 1, the identifying image area A3 is not fixedbut can be arranged in a user's desired range, for example, as shown inFIGS. 3A, 3B, 4A, and 4B. Therefore, the user can set the identifyingimage in an area convenient to the user.

According to the above MFP 1, when the processible image area and theidentifying image area A3 are arranged on each side of the originalsheet separately (see FIG. 4B), and the reverse side D2 having theidentifying image area A3 does not include a processible image area, thereverse side D2 is exclusively used by the identifying image. Therefore,the identifying image can be formed in a preferred range on the reverseside D2 with less limitation concerning the processible image areacompared to the case in which one side of the original sheet is sharedby the processible image area and the identifying image area.

Optionally, according to the above MFP 1, when the processible imagearea and the identifying image area A3 are arranged on one side of theoriginal sheet (see FIGS. 3A, 3B, and 4A). Therefore, the processibleimages can be formed on the both sides D1, D2 of the original sheet tobe processed by the desired function.

According to the above MFP 1, optimization of the relation among thelengths L2, L3, and the feeding speed of the original sheet enables theMFP 1 to start obtaining the processible image from the firstprocessible image area A1 upon authentication of the image obtained fromthe identifying image area A3, and the MFP 1 to cancel obtaining theprocessible image from the first processible image area A1 upon failureof authentication. Therefore, scanning of the first processible imagearea A1 is prevented from being conducted in vain.

Further, the MFP 1 in the above embodiment is equipped with thefunctional limitation storage area 14A (see FIG. 2A); therefore,permission and restriction of the respective functions can be setpersonally on basis of the user.

Furthermore, the MFP 1 in the above embodiment is capable of scanningthe obverse side D1 and the reverse side D2 concurrently to read theprocessible images and the identifying image by the first image sensor12A and the second image sensor 12B respectively. Therefore, the imagesformed on the both sides can be read in a shorter period of timecompared to a case in which the obverse side and the reverse side of theoriginal sheet are sequentially scanned by a single image sensor.Further, when the obverse side D1 and the reverse side D2 are scanned bythe first image sensor 12A and the second image sensor 12B respectively,configuration of the original feeder unit 12 can be less complicatedcompared to a case in which a feeder unit feeds the original sheet tohave one side firstly and the other side thereafter scanned by thesingle image sensor.

Although an example of carrying out the invention has been described,those skilled in the art will appreciate that there are numerousvariations and permutations of the image processing device that fallwithin the spirit and scope of the invention as set forth in theappended claims. It is to be understood that the subject matter definedin the appended claims is not necessarily limited to the specificfeatures or act described above. Rather, the specific features and actsdescribed above are disclosed as example forms of implementing theclaims.

For example, in the above embodiment, the MFP 1 is capable of scanning asingle side only and of scanning both sides selectively. However, thepresent invention can be similarly applied an MFP capable of scanning asingle side only. In this configuration, one side of the original sheetis shared by the processible image area and the identifying image area,and the processible image and the identifying image are scanned from theone side of the original sheet. Therefore, one of the two image sensors12A, 12B ban be omitted, and configuration of the scanner unit 12 can beless complicated.

For another example, the identifying image may not necessarily be animprinted personal seal, but may be, for example, a hand-written orprinted character string, a fingerprint, a bar-code, and atwo-dimensional code, which can be optically read by an image sensor.When a hand-written image is used as the identifying image, a techniqueto analyze hand-written images by, for example, extracting hand-writtenfeatures from the image to identify the user needs to be installed inthe MFP. When a fingerprint is used as the identifying image, atechnique to identify the user based on the fingerprint needs to beinstalled. When a bar-code or a two-dimensional code is used as theidentifying image, similarly, a technique to analyze the code needs tobe installed.

What is claimed is:
 1. A copier machine, comprising: a scannerconfigured to read an image formed on an original sheet; an imageforming unit configured to form a copied image on a recording sheetbased on image data representing the image read by the scanner; and acontrol unit configured to control the scanner and the image formingunit and control a copier function of the copier machine to duplicatethe original sheet by executing: a first authorization step, in whichjudgment is made whether predetermined user information was entered, thepredetermined user information identifying a user who is authorized touse the copier machine; a reading step, after the user is authorized touse the copier machine in the first authorization step by thepredetermined user information and when activation of the copierfunction is instructed, the scanner is manipulated to read the imageformed on the original sheet; an obtaining step, in which authenticationdata to identify the user is obtained from the image data representingthe image read by the scanner; and a second authorization step, in whichjudgment is made whether the authentication data obtained in theobtaining step indicates permission for the user to use the copierfunction, wherein the control unit forms the copied image on therecording sheet when judgment is made that the authentication dataindicates permission for the user to use the copier function in thesecond authorization step, and restricts forming of the copied imagewhen judgment is made that the authentication data does not indicatepermission for the user to use the copier function.
 2. The copiermachine according to claim 1, wherein the authentication data isobtained by the scanner reading a predetermined area set in the originalsheet.
 3. The copier machine according to claim 1, wherein thepredetermined user information is a password being entered by the user.4. The copier machine according to claim 1, further comprising: astorage unit, wherein the storage unit stores a table, in which theauthentication data of the user to be judged in the second authorizationstep is associated with the user.